<?php

session_start();

class users{
	
	function __construct(){
		
	}
	public function dataUser($id){
		$query;
		$res = array();
		$query = mysql_query("SELECT * FROM user WHERE id='".$id."'") or die(mysql_error());		
		if($query){
			$res = mysql_fetch_array($query);			
			return $res;
		}
		return false;			
	}
	
	public function generate_salt($length = 15){
		$alphabet = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_+=-';
		$salt = '';
		for($i=0;$i<$length;$i++){
			$salt .= $alphabet[rand(0, strlen($alphabet)-1)];
		}
		return $salt;
	}

	public function is_registered($login){	
		$result0;
		$result1;
		$num_rows0 = 0;
		$num_rows1 = 0;
		$result0 = mysql_query("SELECT login FROM temp_user WHERE login = '".$login."'") or die (mysql_error());
		$result1 = mysql_query("SELECT login FROM user WHERE login = '".$login."'") or die (mysql_error());
		$num_rows0 = mysql_num_rows($result0);
		$num_rows1 = mysql_num_rows($result1);
		if (($num_rows0+$num_rows1) > 0) return true;
		return false;
	}

	public function is_confirm($confirm){
		$query;
		$result = array();
		$query = "SELECT confirm FROM temp_user WHERE confirm = '".$confirm."'";
		$result = mysql_query($query) or die (mysql_error());
		$num_rows = mysql_num_rows($result);
		if ($num_rows > 0) return true;
		return false;
	}
	
	public function is_email($email){
		$result0;
		$result1;
		$num_rows0 = 0;
		$num_rows1 = 0;
		$result0 = mysql_query("SELECT email FROM temp_user WHERE email = '".$email."'") or die (mysql_error());
		$result1 = mysql_query("SELECT email FROM user WHERE email = '".$email."'") or die (mysql_error());
		$num_rows0 = mysql_num_rows($result0);
		$num_rows1 = mysql_num_rows($result1);
		if (($num_rows0+$num_rows1) > 0) return true;
		return false;
	}
	
	public function RegisterUser($ulogin,$confirm){
		$result;
		$data = array();
		$result = mysql_query("SELECT * FROM temp_user WHERE confirm = '".$confirm."' and login = '".$ulogin."'") or die (mysql_error());
		if(mysql_num_rows($result) > 0){
			$data = mysql_fetch_array($result);
			mysql_query("INSERT INTO `user` (login ,password ,salt ,name ,surname ,phone ,email ,country ,city ,question ,response ,registered ,visit, last_visit ,is_active, privilege, status, image)
			VALUES ('".$data['login']."', '".$data['password']."', '".$data['salt']."', '".$data['name']."', '".$data['surname']."', '".$data['phone']."', '".$data['email']."', '".$data['country']."', '".$data['city']."', '".$data['question']."', '".$data['response']."', '".$data['registered']."', '', '', '0', '0', '0', '0')") or die(mysql_error());
			mysql_query("DELETE FROM temp_user WHERE temp_user.id = ".(int)$data['id']) or die(mysql_error());
			return true;
		}
		return false;
	}
	
	public function TemplateRegisterUser($data){
		$salt = $this->generate_salt();
		$query;
		$date = time();
		$password = md5(md5($data['password']).md5($salt));
		$result = "INSERT INTO temp_user (
			login,password,salt,name,surname,phone,email,country,city,question,response,registered,confirm,privilege)
			VALUES ('".$data['login']."','".$password."','".$salt."','".$data['name']."','".$data['surname']."','".$data['phone']."','".$data['email']."','".$data['country']."', '".$data['city']."','".$data['question']."','".$data['response']."','".$date."','".$data['confirm_reg']."','0')";
		$query=mysql_query($result);
		if ($query) return true;				
		return false;
	}

	public function confirm($login,$name,$surname,$email){
		return md5($login.$name.$surname.$email.time());
	}

	public function send_message($confirm,$email,$ulogin, $pass){
		$subject    = "Подтверждение регистрации на сайте zv-goldentime.ru";
		$herf = 'http://'.$_SERVER['HTTP_HOST'].'/library/core.php?confirm='.$confirm.'&ulogin='.$ulogin;
		$message = '
			<html>
			<head>
			 <title>'.$subject.'</title>
			</head>
			<body>
			<p>Здравствуйте! Спасибо за регистрацию</p>
			<p>Вы зарегестрированы на сайте zv-goldentime.ru под логином '.$ulogin.'</p>
			<p>Перейдите по ссылке, чтобы активировать ваш аккаунт</p>
			<p><a href="'.$herf.'">Активация</a></p>
			<p>Ваш пароль '.$pass.'</p>
			</body>
			</html>
			';
		$header  = 'MIME-Version: 1.0' . "\r\n";
		$header .= 'Content-type: text/html; charset=utf-8' . "\r\n";
		$header .= 'To: Пользователь системы zv-goldentime.ru <'.$email.'>' . "\r\n";
		$header .= 'From: <admin@zv-goldentime.ru>' . "\r\n";
		/*$header .= 'Cc: '.$email . "\r\n";
		$header .= "Reply-To: Робот сайта Золотое Время <".$email.">";*/
		//$header .= "Subject: ".$subject."";
		//$header .= "X-Mailer: PHP/".phpversion();
		if(mail($email, $subject, $message, $header)){
			return true;
		} else {
			return false;
		}
	}
	
	public function data_message($id){
		$query;
		$res = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE `id`='".$id."'")or die(mysql_error());
		if ($query){
				$res = mysql_fetch_array($query);
				return $res;
			}
		return false;
	}
	
	public function user_message($from, $to, $theme, $text0){
		$query;
		$text = str_replace(array('"', "'", "`"), array("&quot;", "&apos;", "&acute;"), $text0);
		$query = mysql_query("INSERT INTO `messages` (`from` ,`to` ,`theme` ,`date` ,`text` ,`toReaded` ,`deleted_from` ,`deleted_to`) VALUES ('".$from."', '".$to."', '".$theme."', '".date('Y-m-d H:i:s', time())."', '".$text."', '0', '0', '0')") or die(mysql_error());	
		if ($query)
			return true;
		return false;
	}
	
	public function toReaded($id_mes){
		$query;
		$query = mysql_query("UPDATE `messages` SET `toReaded` = '1', `date`=date WHERE `id` ='".$id_mes."'") or die(mysql_error());
		if ($query)
			return true;
		return false;
	}
	
	public function show_inbox_message($id){
		$query;
		$res = array();
		$data = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `deleted_to`='0') ORDER BY date DESC")or die(mysql_error());		
		$html = '<table class="all_message" id="all-users-table">';
		$html .= '<thead><tr>						
						<td>Тема письма</td>
						<td>Автор</td>
						<td width="120">Дата письма</td>
						<td width="20"></td>
					 </tr></thead><tbody>';
		if ($query){
			while($res =  mysql_fetch_array($query)){
			$bg = '';
			$read = '';
			if ($res['theme'] == '')
				$res['theme'] = 'Без темы';
				$data = $this->dataUser($res['from']);
				if ($res['toReaded'] == 0){
					if ($res['to'] == $id){
						$html .= '<tr class="bg">';
						//$read = '<a class="toReaded" href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">1</a>';
					}
				}else{
					$html .= '<tr>';
					//$read = '<a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">0</a>';
				}
				$html .= '<td class="theme"> <form><input class="checked" type="checkbox" name="del_mes" id="del_mes" value="'.$res['id'].'" /></form><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['theme'].'</a></td>
				<td>'.$read.'<a class="from" href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$data['name'].' '.$data['surname'].'</a>
				<td class="time"><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['date'].'</a></td>
				<td><input type="button" id="'.$res['id'].'" class="move_to_trash"/></td></tr>';
			}
			$html .= '</table>';
			return $html;
		}
		return false;
	}
	
	public function show_no_read($id){
		$query;
		$res = array();
		$data = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `deleted_to`='0' and `toReaded`='0') ORDER BY date DESC")or die(mysql_error());
		$html = '<table class="all_message" id="all-users-table">';
		$html .= '<thead><tr>						
						<td>Тема письма</td>
						<td>Автор</td>
						<td width="120">Дата письма</td>
						<td width="20"></td>
					 </tr></thead><tbody>';
		
		if ($query){
			while($res =  mysql_fetch_array($query)){
			$bg = '';
			$read = '';
			if ($res['theme'] == '')
				$res['theme'] = 'Без темы';
				$data = $this->dataUser($res['from']);
				if ($res['toReaded'] == 0){
					if ($res['to'] == $id){
						$html .= '<tr class="bg">';
					}
				}else{
					$html .= '<tr>';
				}
				$html .= '<td class="theme"> <form><input class="checked" type="checkbox" name="del_mes" id="del_mes" value="'.$res['id'].'" /></form><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['theme'].'</a></td>
				<td>'.$read.'<a class="from" href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$data['name'].' '.$data['surname'].'</a>
				<td class="time"><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['date'].'</a></td>
				<td><input type="button" id="'.$res['id'].'" class="move_to_trash"/></td></tr>';
			}
			$html .= '</table>';
			return $html;
		}
		return false;
	}
	
	public function show_inbox($id){
		$query;
		$res = array();
		$data = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `deleted_to`='0') ORDER BY date DESC")or die(mysql_error());
		$html = '<table class="all_message" id="all-users-table">';
		if ($query){
			while($res =  mysql_fetch_array($query)){
			$bg = '';
			if ($res['theme'] == '')
				$res['theme'] = 'Без темы';
				$data = $this->dataUser($res['from']);
				if ($res['toReaded'] == 0){
					if ($res['from'] == $id){
						$html .= '<tr class="bg">';
						$html .= '<td class="emptytoReaded"></td>';
					}
					
					if ($res['to'] == $id){
						$html .= '<tr>';
						$html .= '<td class="toReaded" id="'.$res['id'].'"></td>';
						
					}
				}else{
					$html .= '<tr>';
					$html .= '<td class="emptytoReaded"></td>';
				}
				$html .= '<td class="check"><form><input type="checkbox" name="del_mes" id="del_mes" value="'.$res['id'].'" /></form></td>
				<td class="from"><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$data['name'].' '.$data['surname'].'</a></td>
				<td class="theme"><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['theme'].'</a></td>
				<td class="time"><a href="profile.php?action=inbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['date'].'</a></td>
				<td><input type="button" id="'.$res['id'].'" class="move_to_trash"/></td></tr>';
			}
			$html .= '</table>';
			return $html;
		}
		return false;
	}
	
	public function show_outbox($id){
		$query;
		$res = array();
		$data = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE (`from`='".$id."' and `deleted_from`='0') ORDER BY date DESC")or die(mysql_error());
		$html = '<table class="all_message" id="all-users-table">';
		$html .= '<thead><tr>						
						<td>Тема письма</td>
						<td>Кому</td>
						<td width="120">Дата письма</td>
						<td width="20"></td>
					 </tr></thead><tbody>';
		if ($query){
			while($res =  mysql_fetch_array($query)){
			$bg = '';
			$read = '';
			if ($res['theme'] == '')
				$res['theme'] = 'Без темы';
				$data = $this->dataUser($res['from']);
				$data_to = $this->dataUser($res['to']);
				if ($res['toReaded'] == 0){
					{
						$html .= '<tr class="bg">';
					}
				}else{
					$html .= '<tr>';
				}
				$html .= '<td class="theme"> <form><input class="checked" type="checkbox" name="del_mes" id="del_mes" value="'.$res['id'].'" /></form><a href="profile.php?action=outbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['theme'].'</a></td>
				<td>'.$read.'<a class="from" href="profile.php?action=outbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$data_to['name'].' '.$data_to['surname'].'</a>
				<td class="time"><a href="profile.php?action=outbox&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['date'].'</a></td>
				<td><input type="button" id="'.$res['id'].'" class="move_to_trash"/></td></tr>';
			}
			$html .= '</table>';
			return $html;
		}
		return false;
		
	}
	
	public function new_message($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `toReaded`='0')ORDER BY date DESC")or die(mysql_error());
		return mysql_num_rows($query);
		
	}
	
	public function amount_inbox($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE ((`to`='".$id."') and (`toReaded`='0') and (`deleted_to`='".MESSAGE_ACTIVE."'))")or die(mysql_error());
		return mysql_num_rows($query);		
	}
	
	public function all_amount_inbox($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE `to`='".$id."' and `deleted_to`='0'")or die(mysql_error());
		return mysql_num_rows($query);		
	}
	
	public function amount_outbox($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE (`from`='".$id."' and `toReaded`='0' )")or die(mysql_error());
		return mysql_num_rows($query);		
	}
	
	public function all_amount_outbox($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE (`from`='".$id."' and `deleted_from`='0')")or die(mysql_error());
		return mysql_num_rows($query);		
	}
	
	public function amount_trash($id){
		$query;
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `deleted_to`='1') or (`from`='".$id."' and `deleted_from`='1') ORDER BY date DESC")or die(mysql_error());
		return mysql_num_rows($query);
	}
	
	public function show_trash($id){
		$query;
		$res = array();
		$data = array();
		$query = mysql_query("SELECT * FROM `messages` WHERE (`to`='".$id."' and `deleted_to`='1') or (`from`='".$id."' and `deleted_from`='1') ORDER BY date DESC")or die(mysql_error());

		$html = '<table class="all_message" id="all-users-table">';
		$html .= '<thead><tr>						
						<td>Тема письма</td>
						<td>Автор</td>
						<td width="120">Дата письма</td>
						<td width="40"></td>
					 </tr></thead><tbody>';
		if ($query){
			while($res =  mysql_fetch_array($query)){
			if ($res['theme'] == '')
				$res['theme'] = 'Без темы';
				$data = $this->dataUser($res['from']);
				$html .= '<tr>
				<td class="theme"><form><input class="checked" type="checkbox" name="select_few" id="del_mes" value="'.$res['id'].'"/></form>
				<a href="profile.php?action=trash&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['theme'].'</a>				
				<td class="from"><a href="profile.php?action=trash&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$data['name'].' '.$data['surname'].'</a></td></td>
				<td ><a href="profile.php?action=trash&from='.$res['from'].'&to='.$res['to'].'&id_mes='.$res['id'].'">'.$res['date'].'</a></td>
				<td><input title="Возобновить" type="button" id="'.$res['id'].'" class="renew"/>
				<input title="Удалить" type="button" id="'.$res['id'].'" class="delete_mes"/></tr>';
			}
			$html .= '</table>';
			return $html;
		}
		return false;
	}
	
	public function move_to_trash($id, $id_mes){	
		$query_;
		$query_ = mysql_query("SELECT * FROM `messages` WHERE id='".$id_mes."' and (`from`='".$id."' or `to`='".$id."')") or die(mysql_error());
		$query;
		if ($query_){
			$res_query_ = mysql_fetch_array($query_);
			if ($res_query_['from']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date, `deleted_from` = '".MESSAGE_BASKET."' WHERE `id` ='".$id_mes."'") or die(mysql_error());
				if ($query)
					return true;
			}
			if ($res_query_['to']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date, `deleted_to` = '".MESSAGE_BASKET."' WHERE `id` ='".$id_mes."'") or die(mysql_error());	
				if ($query)
					return true;
			}
			return false;
		}	
		return false;		
	}
	
	public function return_from_trash($id, $id_mes){
		$query_;
		$query;
		$res_query_ = array();
		$query_ = mysql_query("SELECT * FROM messages WHERE ((`id`='".$id_mes."') and ((`from`='".$id."') or (`to`='".$id."')))") or die(mysql_error());
		$query = false;
		if ($query_)
		{
			$res_query_ = mysql_fetch_array($query_);		

			if ($res_query_['from']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date, `deleted_from`='".MESSAGE_ACTIVE."' WHERE `id`='".$id_mes."'") or die(mysql_error());
				if ($query)
					return true;
			}

			if ($res_query_['to']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date, `deleted_to`='".MESSAGE_ACTIVE."' WHERE `id`='".$id_mes."'") or die(mysql_error());	
				if ($query)
					return true;
			}
			return false;
		}	
		return false;	
	}
	
	public function del_from_trash($id, $id_mes){
		$query_;	
		$res_query_ = array();
		$query_ = mysql_query("SELECT * FROM `messages` WHERE id='".$id_mes."' and (`from`='".$id."' or `to`='".$id."')") or die(mysql_error());
		$query;
		if ($query_){
			$res_query_ = mysql_fetch_array($query_);
			if ($res_query_['from']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date,`deleted_from` = '".MESSAGE_DELETED."' WHERE `id` ='".$id_mes."'") or die(mysql_error());
				if ($query)
					return true;
			}
			if ($res_query_['to']==$id){
				$query = mysql_query("UPDATE `messages` SET `date`=date, `deleted_to` = '".MESSAGE_DELETED."' WHERE `id` ='".$id_mes."'") or die(mysql_error());	
				if ($query)
					return true;
			}
			return false;
		}	
		return false;
	}
	
	public function del_message($id){
		$query;
		$query = mysql_query("DELETE FROM `message` WHERE `id`='".$id."'") or die(mysql_error());
		if ($query)
			return true;
	}
	
	public function auth($login,$password){
		$query_time;
		$res_time = array();
		$res = array();
		$result = array();
		$query_salt;
		$query_time = mysql_query("SELECT id,registered FROM temp_user") or die(mysql_error());
		while ($res_time = mysql_fetch_array($query_time)){
			if ($this->check_time($res_time['registered']))
				mysql_query("DELETE FROM temp_user WHERE temp_user.id = ".(int)$res_time['id']) or die(mysql_error());
		}
		$query_salt = mysql_query("SELECT salt FROM user WHERE login = '".$login."'") or die(mysql_error());
		$res = mysql_fetch_array($query_salt);				
		$password = md5(md5($password).md5($res['salt']));			
		$query = mysql_query("SELECT * FROM user WHERE login = '".$login."' && password = '".$password."'")or die(mysql_error());
		$result = mysql_fetch_array($query);
		if (mysql_num_rows($query)>0) {			
			if ($password==$result['password']) {					
				$_SESSION['user'] = array(
					'id' => $result['id'],
					'login' => $result['login'],
					'name' => $result['name'],
					'surname' => $result['surname'],
					'phone' => $result['phone'],
					'email' => $result['email'],
					'country' => $result['country'],
					'city' => $result['city'],
					'question' => $result['question'],
					'response' => $result['response'],
					'last_visit' =>$result['last_visit'],
					'privilege' => $result['privilege'],
					'status' => $result['status']
				);	
				$this->is_active($_SESSION['user']['id']);
				$this->visited($_SESSION['user']['id']);
				return true;
			}
		}
		return false;
	}
	
	public function is_active($id){
		$query;
		if ($query = mysql_query("UPDATE user SET `is_active` = '1' WHERE id = '".$id."'") or die(mysql_error()))return true;
		return false;
	}
	
	public function no_active($id){
		$query;
		if ($query = mysql_query("UPDATE user SET `is_active` = '0' WHERE id = '".$id."'") or die(mysql_error()))return true;
		return false;
	}
	
	public function last_visited($id){
		$query;
		if ($query = mysql_query("UPDATE user SET `last_visit` = '".time()."' WHERE id = '".$id."'") or die(mysql_error()))return true;
			return false;
	}
	
	public function visited($id){
		$query;
		if ($query = mysql_query("UPDATE user SET `visit` = '".time()."' WHERE id = '".$id."'") or die(mysql_error()))return true;
			return false;
	}
	
	public function new_password($email){
		$query;
		$result = array();
		if ($this->is_email($email)){
			$new_password = $this->generate_salt();
			$query = mysql_query("SELECT salt FROM user WHERE email = '".$email."'") or die (mysql_error());
			$result = mysql_fetch_array($query);
			$password = md5(md5($new_password).md5($result['salt']));			
			$query = mysql_query("UPDATE `user` SET `password` = '".$password."' WHERE `email` = '".$email."'") or die(mysql_error());
			$subject    = "Новый пароль";
			$message = '
				<html>
				<head>
				 <title>'.$subject.'</title>
				</head>
				<body>
				<p>Здравствуйте!</p>
				<p>Ваш новый пароль</p>
				<p>'.$new_password.'</p>
				<p>С уважением, Администрация</p>
				</body>
				</html>
			';
			$header = "Content-type: text/html; charset=utf-8 \r\n";	
			$header .= "From: goldentime\r\n";		
			if (mail($email,$subject,$message,$header)) return true;
				return false;
		}
		return false;
	}
	
	public function user_password($email){
		$query;
		$result = array();
		if ($this->is_email($email)){
			$new_password = $this->generate_salt();
			$query = mysql_query("SELECT salt FROM user WHERE email = '".$email."'") or die (mysql_error());
			$result = mysql_fetch_array($query);
			$password = md5(md5($new_password).md5($result['salt']));			
			$query = mysql_query("UPDATE `user` SET `password` = '".$password."' WHERE `email` = '".$email."'") or die(mysql_error());
			$subject    = "Новый пароль";
			$message    = "Здраствуйте! Ваш новый пароль \n 
			".$new_password."\n			
			С    уважением, Администрация";
			$header = "Content-type: text/html; charset=utf-8 \r\n";	
			$header .= "From: goldentime\r\n";		
			if (mail($email,$subject,$message,$header)) return true;
				return false;
		}
		return false;
	}
	
	private function login_user($login, $password){		
		return print json_encode($this->generate_salt());	
	}

	public function update_user($data){
		$query;
		$query_salt;
		$res = array();
		$query_salt = mysql_query("SELECT salt FROM user WHERE id = '".$data['id']."'") or die(mysql_error());
		$res = mysql_fetch_array($query_salt);			
		if ($query = mysql_query("UPDATE user SET name = '".$data['name']."',surname = '".$data['surname']."',phone = '".$data['phone']."',country = '".$data['country']."',city = '".$data['city']."',question = '".$data['question']."',response = '".$data['response']."' WHERE id = '".$data['id']."'") or die(mysql_error())){
			$_SESSION['user'] = array(	
				'id' => $data['id'],
				'login'	=> $data['login'],					
				'name' => $data['name'],
				'surname' => $data['surname'],
				'phone' => $data['phone'],
				'email' => $data['email'],
				'country' => $data['country'],
				'city' => $data['city'],
				'question' => $data['question'],
				'response' => $data['response'],
				'privilege' => $data['privilege']
			);
			return true;
		}		
		return false;
	}
	
	public function update_pass($id,$old_pass,$new_pass){
		$query;
		$res = array();
		$query = mysql_query("SELECT * FROM user WHERE id = '".$id."'") or die(mysql_error());
		$res = mysql_fetch_array($query);
		$old_pass = md5(md5($old_pass).md5($res['salt']));
		$new_pass = md5(md5($new_pass).md5($res['salt']));
		if ($old_pass == $res['password']){
			if (mysql_query ("UPDATE user SET password = '".$new_pass."' WHERE id ='".$id."'"));
				return true;
			return false;
		}
		return false;		
	}
		
	
	public function delete_image($id){
		$query_del;
		$query_del = mysql_query("DELETE FROM files WHERE id='".$id."'") or die(mysql_error());
		if (mysql_query ("UPDATE user SET image = '0' WHERE image ='".$id."'"))	
			return true;
		return false;
	}
	
	public function select_image($id){
		$query;
		$result = array();
		$query = mysql_query("SELECT image FROM user WHERE id ='".$id."'") or die(mysql_error());
		$result = mysql_fetch_array($query);
		return $result['image'];
	}
	
	public function image($id){
		$query;
		$result = array();
		$query = mysql_query("SELECT * FROM files WHERE id ='".$id."'") or die(mysql_error());
		$result = mysql_fetch_array($query);
		return '../'.$result['url'].$result['name'];
	}
	
	private function check_time($basa){
		if ((time()-$basa)>86400)return true;
		return false;
	}
	
	public function add_other_user($id_parent,$data){
		$query0;
		$query1;
		$query2;
		$result = array();
		$salt = $this->generate_salt();
		$date = time();
		$password = md5(md5($salt).md5($salt));	
		$query0 = mysql_query("INSERT INTO `user` (`login` ,`password` ,`salt` ,`name` ,`surname` ,`phone` ,`email` ,`country` ,`city` ,`question` ,`response` ,`registered` , `visit`,`last_visit` ,`is_active`, `privilege`, `status`, `image`)
			VALUES ('".$data['login']."', '".$password."', '".$salt."', '".$data['name']."', '".$data['surname']."', '".$data['phone']."', '".$data['email']."', '".$data['country']."', '".$data['city']."', '', '', '".time()."', '', '', '0', '0', '0', '0')") or die(mysql_error());
		$query1 = mysql_query("SELECT id from user WHERE login = '".$data['login']."' and email = '".$data['email']."'") or die (mysql_error());
		if ($query1)
			$res = mysql_fetch_array($query1);
		$id_child = $res['id'];
		$query2 = mysql_query("INSERT INTO `gamers` (userParent ,userChild ,isFree ,number ,date ,payd, paid_money, wait_money, amount_paid, pending, twelve, layer, next_parent) VALUES ('".$id_parent."', '".$id_child."', '0', '0', '".time()."', '0','0', '".LAYER1."', '0','0','0','1','".$id_parent."')") or die (mysql_error());
		if(($query2) && ($this->user_password($data['email'])))
			return true;
		return false;
	}
	
	public function letter_complain($id,$email,$message){
		$query;
		$res = array();
		$query = mysql_query("SELECT email FROM user WHERE privilege = '3'") or die(mysql_error());
		$to = '';
		if ($query){
			while($res = mysql_fetch_array($query)){
				$to .= '<'.$res['email'].'>,';
			}
			$to .= '<'.$email.'>';
			$subject    = "Письмо - жалоба";		  
			$header = "Content-type: text/html; charset=utf-8 \r\n";	
			$header .= "From: goldentime\r\n";		
			if (mail($email,$subject,$message,$header)) return true;
				return false;
		}
		return false;
	}
	
	public function update_question($id){
		$query;
		$query = mysql_query("UPDATE `user` SET `question` = '1' WHERE `id` ='".$id."'") or die(mysql_error());
		if ($query)
			return true;
		return false;
	}
}
